From: Gerd Hoffmann
To: qemu-devel@nongnu.org
Cc: Paolo Bonzini, Yanan Wang, Zhao Liu, Eduardo Habkost, Richard Henderson, Marcel Apfelbaum, Philippe Mathieu-Daudé, "Michael S. Tsirkin", Gerd Hoffmann
Subject: [PATCH v2 1/5] vl: fix qemu_validate_options() indention
Date: Thu, 5 Sep 2024 16:12:06 +0200
Message-ID: <20240905141211.1253307-2-kraxel@redhat.com>
In-Reply-To: <20240905141211.1253307-1-kraxel@redhat.com>

Signed-off-by: Gerd Hoffmann
--- system/vl.c | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/system/vl.c b/system/vl.c index 01b8b8e77ad1..302ad81285b7 100644 --- a/system/vl.c +++ b/system/vl.c 
@@ -2426,15 +2426,15 @@ static void qemu_validate_options(const QDict *mach= ine_opts) const char *kernel_cmdline =3D qdict_get_try_str(machine_opts, "append= "); =20 if (kernel_filename =3D=3D NULL) { - if (kernel_cmdline !=3D NULL) { - error_report("-append only allowed with -kernel option"); - exit(1); - } + if (kernel_cmdline !=3D NULL) { + error_report("-append only allowed with -kernel option"); + exit(1); + } =20 - if (initrd_filename !=3D NULL) { - error_report("-initrd only allowed with -kernel option"); - exit(1); - } + if (initrd_filename !=3D NULL) { + error_report("-initrd only allowed with -kernel option"); + exit(1); + } } =20 if (loadvm && incoming) { --=20 2.46.0

From: Gerd Hoffmann
To: qemu-devel@nongnu.org
Cc: Paolo Bonzini, Yanan Wang, Zhao Liu, Eduardo Habkost, Richard Henderson, Marcel Apfelbaum, Philippe Mathieu-Daudé, "Michael S. Tsirkin", Gerd Hoffmann
Subject: [PATCH v2 2/5] x86/loader: only patch linux kernels
Date: Thu, 5 Sep 2024 16:12:07 +0200
Message-ID: <20240905141211.1253307-3-kraxel@redhat.com>
In-Reply-To: <20240905141211.1253307-1-kraxel@redhat.com>

If the binary loaded via -kernel is *not* a linux kernel (in which case protocol == 0), do not patch the linux kernel header fields. It's (a) pointless and (b) might break binaries by random patching and (c) changes the binary hash which in turn breaks secure boot verification.

Background: OVMF happily loads and runs not only linux kernels but any efi binary via direct kernel boot.

Note: Breaking the secure boot verification is a problem for linux kernels too, but fixing that is left for another day ...

Signed-off-by: Gerd Hoffmann
--- hw/i386/x86-common.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hw/i386/x86-common.c b/hw/i386/x86-common.c index 992ea1f25e94..b52903c47fec 100644 --- a/hw/i386/x86-common.c +++ b/hw/i386/x86-common.c 
@@ -943,7 +943,7 @@ void x86_load_linux(X86MachineState *x86ms, * kernel on the other side of the fw_cfg interface matches the hash o= f the * file the user passed in. */ - if (!sev_enabled()) { + if (!sev_enabled() && protocol > 0) { memcpy(setup, header, MIN(sizeof(header), setup_size)); } =20 --=20 2.46.0

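Review bot: the comment kept as context above the changed condition still explains only the SEV reason for skipping the memcpy() (the kernel seen through fw_cfg must match the hash of the file the user passed in), but the condition now also skips it when protocol is 0. Extend that comment to say that non-Linux binaries are left unpatched, so the "protocol > 0" test is not read as part of the SEV logic. The commit message notes that the hash still changes for real Linux kernels; a short TODO next to the condition would keep that visible in the code.
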
From: Gerd Hoffmann
To: qemu-devel@nongnu.org
Cc: Paolo Bonzini, Yanan Wang, Zhao Liu, Eduardo Habkost, Richard Henderson, Marcel Apfelbaum, Philippe Mathieu-Daudé, "Michael S. Tsirkin", Gerd Hoffmann
Subject: [PATCH v2 3/5] x86/loader: read complete kernel
Date: Thu, 5 Sep 2024 16:12:08 +0200
Message-ID: <20240905141211.1253307-4-kraxel@redhat.com>
In-Reply-To: <20240905141211.1253307-1-kraxel@redhat.com>

Load the complete kernel (including setup) into memory. Excluding the setup is handled later when adding the FW_CFG_KERNEL_SIZE and FW_CFG_KERNEL_DATA entries.

This is a preparation for the next patch which adds a new fw_cfg file containing the complete, unpatched kernel. No functional change. Signed-off-by: Gerd Hoffmann --- hw/i386/x86-common.c | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/hw/i386/x86-common.c b/hw/i386/x86-common.c index b52903c47fec..82137e053ae0 100644 --- a/hw/i386/x86-common.c +++ b/hw/i386/x86-common.c @@ -893,7 +893,6 @@ void x86_load_linux(X86MachineState *x86ms, fprintf(stderr, "qemu: invalid kernel header\n"); exit(1); } - kernel_size -=3D setup_size; =20 setup =3D g_malloc(setup_size); kernel =3D g_malloc(kernel_size); @@ -902,6 +901,7 @@ void x86_load_linux(X86MachineState *x86ms, fprintf(stderr, "fread() failed\n"); exit(1); } + fseek(f, 0, SEEK_SET); if (fread(kernel, 1, kernel_size, f) !=3D kernel_size) { fprintf(stderr, "fread() failed\n"); exit(1); 
@@ -948,10 +948,11 @@ void x86_load_linux(X86MachineState *x86ms, } =20 fw_cfg_add_i32(fw_cfg, FW_CFG_KERNEL_ADDR, prot_addr); - fw_cfg_add_i32(fw_cfg, FW_CFG_KERNEL_SIZE, kernel_size); - fw_cfg_add_bytes(fw_cfg, FW_CFG_KERNEL_DATA, kernel, kernel_size); - sev_load_ctx.kernel_data =3D (char *)kernel; - sev_load_ctx.kernel_size =3D kernel_size; + fw_cfg_add_i32(fw_cfg, FW_CFG_KERNEL_SIZE, kernel_size - setup_size); + fw_cfg_add_bytes(fw_cfg, FW_CFG_KERNEL_DATA, + kernel + setup_size, kernel_size - setup_size); + sev_load_ctx.kernel_data =3D (char *)kernel + setup_size; + sev_load_ctx.kernel_size =3D kernel_size - setup_size; =20 fw_cfg_add_i32(fw_cfg, FW_CFG_SETUP_ADDR, real_addr); fw_cfg_add_i32(fw_cfg, FW_CFG_SETUP_SIZE, setup_size); --=20 2.46.0

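Review bot: in the second hunk (@@ -902,6 +901,7 @@) the added fseek(f, 0, SEEK_SET) is the only I/O call in this sequence whose result is ignored; the fread() calls on either side exit on failure. Check the return value and fail the same way. As written, a failed seek falls through to an fread() of kernel_size bytes that starts after the setup area and is only caught indirectly as a short read, with a misleading "fread() failed" message.
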
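Review bot: the last hunk (@@ -948,10 +948,11 @@) spells out "kernel_size - setup_size" three times and "kernel + setup_size" twice. Two locals computed once would make it harder for the fw_cfg entries and the sev_load_ctx fields to drift apart in a later edit, which matters because sev_load_ctx is what gets passed to sev_add_kernel_loader_hashes() while the guest reads FW_CFG_KERNEL_DATA.
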
From: Gerd Hoffmann
To: qemu-devel@nongnu.org
Cc: Paolo Bonzini, Yanan Wang, Zhao Liu, Eduardo Habkost, Richard Henderson, Marcel Apfelbaum, Philippe Mathieu-Daudé, "Michael S. Tsirkin", Gerd Hoffmann
Subject: [PATCH v2 4/5] x86/loader: expose unpatched kernel
Date: Thu, 5 Sep 2024 16:12:09 +0200
Message-ID: <20240905141211.1253307-5-kraxel@redhat.com>
In-Reply-To: <20240905141211.1253307-1-kraxel@redhat.com>

Add a new "etc/boot/kernel" fw_cfg file, containing the kernel without the setup header patches. Intended use is booting in UEFI with secure boot enabled, where the setup header patching breaks secure boot verification.

Needs OVMF changes too to be actually useful.

Signed-off-by: Gerd Hoffmann
--- hw/i386/x86-common.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/hw/i386/x86-common.c b/hw/i386/x86-common.c index 82137e053ae0..63cf41711e72 100644 --- a/hw/i386/x86-common.c +++ b/hw/i386/x86-common.c 
@@ -960,6 +960,9 @@ void x86_load_linux(X86MachineState *x86ms, sev_load_ctx.setup_data =3D (char *)setup; sev_load_ctx.setup_size =3D setup_size; =20 + /* kernel without setup header patches */ + fw_cfg_add_file(fw_cfg, "etc/boot/kernel", kernel, kernel_size); + if (sev_enabled()) { sev_add_kernel_loader_hashes(&sev_load_ctx, &error_fatal); } --=20 2.46.0

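Review bot: the added fw_cfg_add_file() call sits above the sev_enabled() block and is unconditional, yet the buffer it exposes (kernel from offset 0, kernel_size bytes) is not what sev_load_ctx describes; after patch 3/5 sev_load_ctx.kernel_data is kernel + setup_size and setup_data is the separate setup buffer. Either skip "etc/boot/kernel" when sev_enabled() or say in the comment why firmware booting from this file is acceptable there, since nothing visible in this hunk adds it to what sev_add_kernel_loader_hashes() receives. The diffstat also shows no documentation change for the new fw_cfg file name.
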
From: Gerd Hoffmann
To: qemu-devel@nongnu.org
Cc: Paolo Bonzini, Yanan Wang, Zhao Liu, Eduardo Habkost, Richard Henderson, Marcel Apfelbaum, Philippe Mathieu-Daudé, "Michael S. Tsirkin", Gerd Hoffmann
Subject: [PATCH v2 5/5] x86/loader: add -shim option
Date: Thu, 5 Sep 2024 16:12:10 +0200
Message-ID: <20240905141211.1253307-6-kraxel@redhat.com>
In-Reply-To: <20240905141211.1253307-1-kraxel@redhat.com>

Add new -shim command line option, wire up for the x86 loader. When specified load shim into the new "etc/boot/shim" fw_cfg file.

Needs OVMF changes too to be actually useful.

Signed-off-by: Gerd Hoffmann --- include/hw/boards.h | 1 + hw/core/machine.c | 20 ++++++++++++++++++++ hw/i386/x86-common.c | 16 ++++++++++++++++ system/vl.c | 9 +++++++++ qemu-options.hx | 7 +++++++ 5 files changed, 53 insertions(+) diff --git a/include/hw/boards.h b/include/hw/boards.h index 48ff6d8b93f7..0ab83ffb0df1 100644 --- a/include/hw/boards.h +++ b/include/hw/boards.h @@ -408,6 +408,7 @@ struct MachineState { BootConfiguration boot_config; char *kernel_filename; char *kernel_cmdline; + char *shim_filename; char *initrd_filename; const char *cpu_type; AccelState *accelerator; diff --git a/hw/core/machine.c b/hw/core/machine.c index 27dcda024834..d0eb2387ac13 100644 --- a/hw/core/machine.c +++ b/hw/core/machine.c @@ -322,6 +322,21 @@ static void machine_set_kernel(Object *obj, const char= *value, Error **errp) ms->kernel_filename =3D g_strdup(value); } =20 +static char *machine_get_shim(Object *obj, Error **errp) +{ + MachineState *ms =3D MACHINE(obj); + + return g_strdup(ms->shim_filename); +} + +static void machine_set_shim(Object *obj, const char *value, Error **errp) +{ + MachineState *ms =3D MACHINE(obj); + + g_free(ms->shim_filename); + ms->shim_filename =3D g_strdup(value); +} + static char *machine_get_initrd(Object *obj, Error **errp) { MachineState *ms =3D MACHINE(obj); @@ -1022,6 +1037,11 @@ static void machine_class_init(ObjectClass *oc, void= *data) object_class_property_set_description(oc, "kernel", "Linux kernel image file"); =20 + object_class_property_add_str(oc, "shim", + machine_get_shim, machine_set_shim); + object_class_property_set_description(oc, "shim", + "shim.efi file"); + object_class_property_add_str(oc, "initrd", machine_get_initrd, machine_set_initrd); object_class_property_set_description(oc, "initrd", diff --git a/hw/i386/x86-common.c b/hw/i386/x86-common.c index 63cf41711e72..1da86725c7ec 100644 --- a/hw/i386/x86-common.c +++ b/hw/i386/x86-common.c 
@@ -963,6 +963,22 @@ void x86_load_linux(X86MachineState *x86ms, /* kernel without setup header patches */ fw_cfg_add_file(fw_cfg, "etc/boot/kernel", kernel, kernel_size); =20 + if (machine->shim_filename) { + GMappedFile *mapped_file; + GError *gerr =3D NULL; + + mapped_file =3D g_mapped_file_new(machine->shim_filename, false, &= gerr); + if (!mapped_file) { + fprintf(stderr, "qemu: error reading shim %s: %s\n", + machine->shim_filename, gerr->message); + exit(1); + } + + fw_cfg_add_file(fw_cfg, "etc/boot/shim", + g_mapped_file_get_contents(mapped_file), + g_mapped_file_get_length(mapped_file)); + } + if (sev_enabled()) { sev_add_kernel_loader_hashes(&sev_load_ctx, &error_fatal); } diff --git a/system/vl.c b/system/vl.c index 302ad81285b7..368704b98958 100644 --- a/system/vl.c +++ b/system/vl.c @@ -2422,6 +2422,7 @@ static void configure_accelerators(const char *progna= me) static void qemu_validate_options(const QDict *machine_opts) { const char *kernel_filename =3D qdict_get_try_str(machine_opts, "kerne= l"); + const char *shim_filename =3D qdict_get_try_str(machine_opts, "shim"); const char *initrd_filename =3D qdict_get_try_str(machine_opts, "initr= d"); const char *kernel_cmdline =3D qdict_get_try_str(machine_opts, "append= "); =20 @@ -2431,6 +2432,11 @@ static void qemu_validate_options(const QDict *machi= ne_opts) exit(1); } =20 + if (shim_filename !=3D NULL) { + error_report("-shim only allowed with -kernel option"); + exit(1); + } + if (initrd_filename !=3D NULL) { error_report("-initrd only allowed with -kernel option"); exit(1); @@ -2924,6 +2930,9 @@ void qemu_init(int argc, char **argv) case QEMU_OPTION_kernel: qdict_put_str(machine_opts_dict, "kernel", optarg); break; + case QEMU_OPTION_shim: + qdict_put_str(machine_opts_dict, "shim", optarg); + break; case QEMU_OPTION_initrd: qdict_put_str(machine_opts_dict, "initrd", optarg); break; diff --git a/qemu-options.hx b/qemu-options.hx index d94e2cbbaeb1..b182d2498397 100644 --- a/qemu-options.hx 
+++ b/qemu-options.hx @@ -4197,6 +4197,13 @@ SRST or in multiboot format. ERST =20 +DEF("shim", HAS_ARG, QEMU_OPTION_shim, \ + "-shim shim.efi use 'shim.efi' to boot the kernel\n", QEMU_ARCH_ALL) +SRST +``-shim shim.efi`` + Use 'shim.efi' to boot the kernel +ERST + DEF("append", HAS_ARG, QEMU_OPTION_append, \ "-append cmdline use 'cmdline' as kernel command line\n", QEMU_ARCH_AL= L) SRST --=20 2.46.0
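
Review bot: in the hw/i386/x86-common.c hunk, the shim is published as "etc/boot/shim" immediately before the `if (sev_enabled())` block, but none of the added lines feed the shim into `sev_load_ctx`, so as far as this hunk shows the shim binary is not covered by `sev_add_kernel_loader_hashes()`. For a measured direct boot that leaves the binary which, per the option text, is used to boot the kernel outside the hashed set; either add a shim entry to the hash table or reject `-shim` when kernel hashes are in use. Separately, the error path uses `fprintf(stderr, ...)` plus `exit(1)` while the system/vl.c hunk in this same patch uses `error_report()`; switching to `error_report()` here would be consistent, and `gerr` is never released (harmless before the exit, but `g_autoptr(GError)` would keep it tidy).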
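
Review bot: in the hw/core/machine.c hunks, `machine_set_shim()` stores a `g_strdup()` copy in `ms->shim_filename`, and the 20 lines added to this file (the accessor pair plus the property registration) contain no matching free on object teardown. If the machine finalizer frees the neighbouring `kernel_filename` and `initrd_filename` strings, add `g_free(ms->shim_filename)` there as well so the new field follows the same ownership rule.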
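
Review bot: in the qemu-options.hx hunk, `-shim` is declared with `QEMU_ARCH_ALL`, and the property is registered in the generic `machine_class_init()`, but the only consumer in this patch is `x86_load_linux()`, so on any other target the option is accepted and silently ignored. Either restrict the DEF to the x86 arch mask or report an error when `shim_filename` is set on a machine that never reads it. The SRST text should also say that the option requires `-kernel` (enforced in the system/vl.c hunk) and that the file is handed to firmware as the "etc/boot/shim" fw_cfg file, which per the commit message needs matching OVMF changes to have any effect.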